Re: [git-users] Branch level authentication
On Thu, Aug 15, 2013 at 09:46:49PM -0700, Jimit Modi wrote: At our company, we are evaulating to migrate to GIT from SVN. Here we are following a process in which we have the following branch and access control. --- | Branch| Purpose | ACL | --- | `master` | live copy| AGM | --- | `staging` | staging copy | AGM, TL | --- | 'dev` | development copy | AGM, TL, Devs| --- Now all devs create a feature branch from the dev branch and again merge it in dev when they have finished working and push it. Now TL review the work and cherry pick or merge dev in staging, depending on the sencario. If everything is well they push the changes on staging. Same is done by AGM's for master branch. We want that devs will be able to pull the changes from staging and master branch, but will not be able to push. So the question is: - How can we setup a authentication system where only the allowed one will be able to push.? I gather you can write a hook that allows only certain users to push changes from `staging` to `master`. Most likely that sort of script can already be found in the wild somewhere. Here's another thought, albeit a wild and crazy one: trust that the developers understand rules and can follow them. Just tell them to never ever push anything from `staging` to `master`. If you want to you can monitor them for a while to convince yourself that they can follow that simple instruction and only if they completely fail can you start looking at authorization for pushing into certain branches (or consider whether you really want people around who can't follow such basic instructions ;-). Reasons for doing it this way: - It almost certainly will work from day one. - Git makes it easy to revert any failures to comply with the rule. - With this 'social solution' you can much more easily break the rule when the need arises. The day will come when you are facing a critical bug, that has to be pushed to `master`, but no-one authorized is available. /M -- Magnus Therning OpenPGP: 0xAB4DFBA4 email: mag...@therning.org jabber: mag...@therning.org twitter: magthe http://therning.org/magnus I invented the term Object-Oriented, and I can tell you I did not have C++ in mind. -- Alan Kay pgpQLoZxRDOB5.pgp Description: PGP signature
Re: [git-users] Branch level authentication
Well the branches do not need to be on the same location/folder/computer. The devs could push to e.g. /cmdata/git/devs/myproject.git The tl pulls from devs and pushes to e.g. /cmdata/git/tl/myproject.git The agm pulls from tl and could push to e.g. /cmdata/git/agm/myproject.git You just configure your various sources apart from 'origin'. The folders you assign different user/group write permissions - so the write access is handled via OS. -- You received this message because you are subscribed to the Google Groups Git for human beings group. To unsubscribe from this group and stop receiving emails from it, send an email to git-users+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [git-users] Branch level authentication
You could also look into solutions like bitbucket by creating repos and assigning different access permissions. Or on a unix server, achieve the same with different repos and unix user access levels. All this is defined at process level. Hope that helps, HD. -- You received this message because you are subscribed to the Google Groups Git for human beings group. To unsubscribe from this group and stop receiving emails from it, send an email to git-users+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [git-users] Branch level authentication
Hello, git itself is not capable of authentication and authorization, you will need a separate software for that. I personally use gitosis, but many others exist out there. This kind of software is needed only on the server side, clients can still use good old git client. Best, Gergely On 16 Aug 2013 06:46, Jimit Modi jimy2004k...@gmail.com wrote: At our company, we are evaulating to migrate to GIT from SVN. Here we are following a process in which we have the following branch and access control. --- | Branch| Purpose | ACL | --- | `master` | live copy| AGM | --- | `staging` | staging copy | AGM, TL | --- | 'dev` | development copy | AGM, TL, Devs| --- Now all devs create a feature branch from the dev branch and again merge it in dev when they have finished working and push it. Now TL review the work and cherry pick or merge dev in staging, depending on the sencario. If everything is well they push the changes on staging. Same is done by AGM's for master branch. We want that devs will be able to pull the changes from staging and master branch, but will not be able to push. So the question is: - How can we setup a authentication system where only the allowed one will be able to push.? -- You received this message because you are subscribed to the Google Groups Git for human beings group. To unsubscribe from this group and stop receiving emails from it, send an email to git-users+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out. -- You received this message because you are subscribed to the Google Groups Git for human beings group. To unsubscribe from this group and stop receiving emails from it, send an email to git-users+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
Re: [git-users] Branch level authentication
Thanks. Will look at it and update. -- Jim(y || it) On Fri, Aug 16, 2013 at 1:10 PM, Gergely Polonkai gerg...@polonkai.euwrote: Hello, git itself is not capable of authentication and authorization, you will need a separate software for that. I personally use gitosis, but many others exist out there. This kind of software is needed only on the server side, clients can still use good old git client. Best, Gergely On 16 Aug 2013 06:46, Jimit Modi jimy2004k...@gmail.com wrote: At our company, we are evaulating to migrate to GIT from SVN. Here we are following a process in which we have the following branch and access control. --- | Branch| Purpose | ACL | --- | `master` | live copy| AGM | --- | `staging` | staging copy | AGM, TL | --- | 'dev` | development copy | AGM, TL, Devs| --- Now all devs create a feature branch from the dev branch and again merge it in dev when they have finished working and push it. Now TL review the work and cherry pick or merge dev in staging, depending on the sencario. If everything is well they push the changes on staging. Same is done by AGM's for master branch. We want that devs will be able to pull the changes from staging and master branch, but will not be able to push. So the question is: - How can we setup a authentication system where only the allowed one will be able to push.? -- You received this message because you are subscribed to the Google Groups Git for human beings group. To unsubscribe from this group and stop receiving emails from it, send an email to git-users+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out. -- You received this message because you are subscribed to the Google Groups Git for human beings group. To unsubscribe from this group and stop receiving emails from it, send an email to git-users+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out. -- You received this message because you are subscribed to the Google Groups Git for human beings group. To unsubscribe from this group and stop receiving emails from it, send an email to git-users+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
[git-users] Branch level authentication
At our company, we are evaulating to migrate to GIT from SVN. Here we are following a process in which we have the following branch and access control. --- | Branch| Purpose | ACL | --- | `master` | live copy| AGM | --- | `staging` | staging copy | AGM, TL | --- | 'dev` | development copy | AGM, TL, Devs| --- Now all devs create a feature branch from the dev branch and again merge it in dev when they have finished working and push it. Now TL review the work and cherry pick or merge dev in staging, depending on the sencario. If everything is well they push the changes on staging. Same is done by AGM's for master branch. We want that devs will be able to pull the changes from staging and master branch, but will not be able to push. So the question is: - How can we setup a authentication system where only the allowed one will be able to push.? -- You received this message because you are subscribed to the Google Groups Git for human beings group. To unsubscribe from this group and stop receiving emails from it, send an email to git-users+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.